BBVA shares cybersecurity recommendations with the European Commission

BBVA, together with seven other companies representing different sectors, forms a part of the  working group, European Cybersecurity Industry Leaders (ECIL), which was created in 2015 to provide advice and recommendations to the European Commission on matters related to cybersecurity.

The working group's activities have included various meetings with EC leaders where BBVA has had the opportunity to share its vision about the digital revolution and the ensuing cybersecurity challenges facing the financial sector. In the most recent meeting in Brussels, the working group met with Andrus Ansip, European Commission Vice President in charge of the strategy behind the EC’s Digital Single Market.

During the meeting, members of the group presented the conclusions of their recent analysis and a series of recommendations (to download it go to the link at the bottom of the page) aimed at helping the EC achieve the goals of its Digital Single Market strategy, as well as bolstering Europe’s ability to face the challenges of the digital economy.

“The guiding principles and objectives of ECIL's work are the protection of the cyberspace and the digital economy, the strengthening of the competitiveness of European companies through fostering the further harmonization of the EU’s cyber policy, and ultimately successfully completing the EU’s Digital Single Market.” the report explains.

Included among the recommendations are the need to create a single certification system for member countries, to avoid regulatory fragmentation, and to promote the cross-industry harmonization of cybersecurity policies that, in turn, facilitate advances of digital companies across the board and in all of Europe's industries. The report also provides recommendations on the role of ENISA (the European Union Agency for Network and Information Security), incident reporting and sharing, cooperation with law enforcement, and the EU’s digital sovereignty.

The ECIL working group is composed of BBVA, Airbus, ATOS, BMW Group, Cybernetica, Ericsson, F-Secure, Infineon and Deutsche Telekom.

Recommendations to benefit the Digital Single Market

“Due to the increased use of connected devices, in particular IoT devices, additional measures are required in the Digital Single Market to establish an adequate level of cybersecurity,” the report explains in reference to the need to implement a certification system that includes the highest security standards. The paper proposes the creation of a "labeling system" as an improvement to the current system, which will allow users to distinguish between "secure devices and those that are not," the authors explained. This proposed new system should account for the different requirements of each service, product or application, because different offerings in different sectors shouldn’t have to comply with the same security requirements.

"The report encourages a review of current EU harmonization policies to encourage progress towards a secure digital market."

The report goes on to say that to ensure that the system works properly, private sector involvement in its development is "essential.” ENISA’s role in the successful transition to a new certification model is also mentioned: "The agency should assume the task of an independent audit and certification authority, which monitors and audits the standardization and certification processes in the EU.”

The report encourages a review of the the current NIS-Directive with the aim to improve current EU harmonization policies to encourage progress towards a secure digital market. "The capabilities of the operators of networks and information systems to detect and counter these incidents are limited and therefore all market participants who are exposed to risks need to be covered by the review of the NIS-Directive,” assert the report's authors.

According to the paper, the approach to incident reporting also calls for standardization across industries with the involvement of both private and public sector institutions to facilitate the exchange of information. "To increase effectiveness this must not be a one-way-street – it needs to be a bi-directional exchange.” the paper points out.

The same is true for cooperation with law enforcement, an area the group also believes calls for further harmonization to confront existing fragmentation. Specifically, the report explains that a standardized approach to law enforcement’s access to encrypted data needs to be established in order to prevent misuse and ensure data privacy. "Encryption is one of the most important security measures against the misuse of personal information," it explains.

Finally, the paper calls for the creation of a “holistic” European digital platform, which would serve to improve digital competitiveness against the U.S. and Chinese markets. “Europe needs a platform to secure sovereignty and efficient single-market oriented digital capabilities." the report states. Technologies such as 5G, the Cloud, and the Internet of Things, in addition to defined priorities for cybersecurity and artificial intelligence ['High Performance Computing'] should all be part of a holistic platform "where policy and business incentives should work together to enhance prospects for Europe in the global landscape.” the report concludes.